Working Intel CET Bits Now Land In GCC8

Written by Michael Larabel in Intel on 22 October 2017 at 08:12 AM EDT. Add A Comment
A few days back I wrote about Intel's work on Control-flow Enforcement Technology beginning to land in GCC. This "CET" work for future Intel CPUs has now landed in full for GCC 8.

The bits wiring up this control-flow instrumentation and enforcement support are now all present in mainline GCC SVN/Git for next year's GCC 8.1 release.

As explained in the earlier article, "Control-flow Enforcement Technology aims to prevent return-oriented programming (ROP) and call-jump-oriented programming (COP/JOP) attacks. The Intel-developed technology tries to prevent control-flow attacks by the concept of having a shadow stack to keep track of the expected return addresses and will raise faults if the return addresses does not match what is expected by the shadow stack. CET also has indirect branch tracking for stopping jump/call oriented attacks."

Among the switches now for using Intel CET with supported CPUs include -finstrument-control-flow, -mcet, -mibt and-mshstk. Unfortunately, no Intel CPUs yet in the market support this security technology.

More details on the tech via this new commit.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week